Off-the-shelf methods to carry out an attack
Source: Xatrix
The security protocol containing the vulnerability is called Wired Equivalent Privacy (WEP), and it's used to protect local area networks (LANs) employing the 802.11 standard.
WEP contains an algorithm called RC4 that's designed to shield transmissions between a mobile station (for example, a laptop with a wireless Ethernet card) and a base station system.
Several research groups have uncovered a variety of problems in WEP, which is deployed in wireless networks at numerous homes, offices, hospitals and airports. The researchers from Rice University in Houston, Texas, and AT&T performed their recent attack after reading a detailed and highly scientific description of the vulnerability written several weeks ago by Scott Fluhrer from Cisco Systems, and Itsik Mantin and Adi Shamir from The Weizmann Institute of Science in Israel
Fluhrer, Mantin and Shamir are expected to present certain aspects of their findings publicly at a cryptography symposium next week in Toronto, Canada.
"We show that RC4 is completely insecure in a common mode of operation, which is used in the widely deployed Wired Equivalent Privacy protocol," reads the findings' summation by Fluhrer, Mantin and Shamir -- who is the "S" in the distinguished RSA cryptosystem
The researchers from Rice and AT&T essentially then applied these technical findings to a "real world" implementation and released a paper with their conclusions on Monday.
